CMMC Domain IA Identification and Authentication
Closely tied to Access Control, this Domain contains practices to ensure that only the person assigned to a user account is the one using it.
- IA.L2-3.5.6
- Disable identifiers after a defined period of inactivity.
- IA.L2-3.5.9
- Allow temporary password use for system logons with an immediate change to a permanent password.
- IA.L2-3.5.11
- Obscure feedback of authentication information.
- IA.L1-3.5.1
- Identify information system users, processes acting on behalf of users, or devices.
- IA.L1-3.5.2
- Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
- IA.L2-3.5.3
- Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.
- IA.L2-3.5.4
- Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.
- IA.L2-3.5.5
- Prevent the reuse of identifiers for a defined period.
- IA.L2-3.5.7
- Enforce a minimum password complexity and change of characters when new passwords are created.
- IA.L2-3.5.8
- Prohibit password reuse for a specified number of generations.
- IA.L2-3.5.10
- Store and transmit only cryptographically-protected passwords.